Microsoft’s drive to ensure Office 365 security and compliance is nothing new. But with the number of high-profile information breaches growing, everyone responsible for enterprise data is a bit edgy.

Keeping Data Safe

Microsoft recently overhauled Office 365’s security, with a heavy emphasis on multi-factor authentication. This came only weeks after Microsoft plugged a cross-site vulnerability in Office 365 that could have exposed data to hackers.

In that instance, the vulnerability was exposed by Alan Byrne, co-founder of Internet security firm Cogmotive, not by Microsoft itself.

Given the spread of Office 365 in the enterprise space, even one such incident could do irreparable damage to the brand. So it's not surprising that Microsoft is anxious to make a lot of noise about Office 365 security enhancements. To that end, Office 365 is now compliant with ISO 27018 and with HITRUST.

ISO 27018

ISO 27018 establishes a code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. There are three big commitments enabled by these controls:

Office 365 is advertising-free so customers don’t have to worry that their data will be used for advertising or marketing purposes

There are defined policies for the return, transfer and secure disposal of PII

Office 365 proactively discloses the identities of sub-processors

HITRUST

The Health Information Trust Alliance — HITRUST — was formed to provide an actionable set of controls designed to protect electronic protected health information. Microsoft said its Office 365 team, in partnership with an independent assessor, successfully completed an assessment of its compliance with HITRUST. It received a rating of five, the highest rating possible.

Other Measures

Microsoft introduced two other security measures that were previously only available to subscribers to its Enterprise Mobility Suite and Azure Active Directory (AD) Premium subsections.

Sign-In page and Access Panel

This enables enterprises to build their own Sign-In page as well as the Azure AD Access Panel, where users pick an application to sign into. As of today, users will be able to customize these pages using text, images and coloring of their choosing, making them more difficult to copy.

This is in addition to the Office 365 tenant branding that can be used to apply custom text, color and images for the Office 365 service as shown after sign-in.

Cloud user self-service password reset

The other feature, which surprisingly hasn’t been made available until now, is a self-service password reset. This makes the process of resetting passwords much easier and possible without the help of an administrator.

This functionality is available for Office 365 users who are cloud-based only and do not require write back of the updated password to an on-premises server.